Merge pull request #913 from lauxjpn/fix/sslkey

bgrainger · web-flow · commit cde351b0d1ef · 2020-12-11T16:27:15.000-08:00
Extract key from between PEM header/footer, instead of just removing the PEM header/footer.
diff --git a/.ci/server/certs/ssl-client-key-null.pem b/.ci/server/certs/ssl-client-key-null.pem
diff --git a/src/MySqlConnector/Utilities/Utility.cs b/src/MySqlConnector/Utilities/Utility.cs
@@ -85,22 +85,39 @@ public static unsafe void Convert(this Encoder encoder, ReadOnlySpan<char> chars
 		/// <returns>An RSA key.</returns>
 		public static RSAParameters GetRsaParameters(string key)
 		{
+			const string beginRsaPrivateKey = "-----BEGIN RSA PRIVATE KEY-----";
+			const string endRsaPrivateKey = "-----END RSA PRIVATE KEY-----";
+			const string beginPublicKey = "-----BEGIN PUBLIC KEY-----";
+			const string endPublicKey = "-----END PUBLIC KEY-----";
+
+			int keyStartIndex;
+			string pemFooter;
 			bool isPrivate;
-			if (key.StartsWith("-----BEGIN RSA PRIVATE KEY-----", StringComparison.Ordinal))
+
+			if ((keyStartIndex = key.IndexOf(beginRsaPrivateKey, StringComparison.Ordinal)) > -1)
 			{
-				key = key.Replace("-----BEGIN RSA PRIVATE KEY-----", "").Replace("-----END RSA PRIVATE KEY-----", "");
+				keyStartIndex += beginRsaPrivateKey.Length;
+				pemFooter = endRsaPrivateKey;
 				isPrivate = true;
 			}
-			else if (key.StartsWith("-----BEGIN PUBLIC KEY-----", StringComparison.Ordinal))
+			else if ((keyStartIndex = key.IndexOf(beginPublicKey, StringComparison.Ordinal)) > -1)
 			{
-				key = key.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "");
+				keyStartIndex += beginPublicKey.Length;
+				pemFooter = endPublicKey;
 				isPrivate = false;
 			}
 			else
 			{
 				throw new FormatException("Unrecognized PEM header: " + key.Substring(0, Math.Min(key.Length, 80)));
 			}
 
+			var keyEndIndex = key.IndexOf(pemFooter, keyStartIndex, StringComparison.Ordinal);
+
+			if (keyEndIndex <= -1)
+				throw new FormatException($"Missing expected '{pemFooter}' PEM footer: " + key.Substring(Math.Max(key.Length - 80, 0)));
+
+			key = key.Substring(keyStartIndex, keyEndIndex - keyStartIndex);
+
 			return GetRsaParameters(System.Convert.FromBase64String(key), isPrivate);
 		}
 
diff --git a/tests/SideBySide/SslTests.cs b/tests/SideBySide/SslTests.cs
@@ -64,8 +64,10 @@ public async Task ConnectSslClientCertificate(string certFile, string certFilePa
 #if !NETCOREAPP1_1_2
 		[SkippableTheory(ConfigSettings.RequiresSsl | ConfigSettings.KnownClientCertificate)]
 		[InlineData("ssl-client-cert.pem", "ssl-client-key.pem", null)]
+		[InlineData("ssl-client-cert.pem", "ssl-client-key-null.pem", null)]
 #if !BASELINE
 		[InlineData("ssl-client-cert.pem", "ssl-client-key.pem", "ssl-ca-cert.pem")] // https://bugs.mysql.com/bug.php?id=95436
+		[InlineData("ssl-client-cert.pem", "ssl-client-key-null.pem", "ssl-ca-cert.pem")] // https://bugs.mysql.com/bug.php?id=95436
 #endif
 		public async Task ConnectSslClientCertificatePem(string certFile, string keyFile, string caCertFile)
 		{

Original file line number	Diff line number	Diff line change
`@@ -85,22 +85,39 @@ public static unsafe void Convert(this Encoder encoder, ReadOnlySpan<char> chars`
`85`	`85`	`/// <returns>An RSA key.</returns>`
`86`	`86`	`public static RSAParameters GetRsaParameters(string key)`
`87`	`87`	`{`
	`88`	`+ const string beginRsaPrivateKey = "-----BEGIN RSA PRIVATE KEY-----";`
	`89`	`+ const string endRsaPrivateKey = "-----END RSA PRIVATE KEY-----";`
	`90`	`+ const string beginPublicKey = "-----BEGIN PUBLIC KEY-----";`
	`91`	`+ const string endPublicKey = "-----END PUBLIC KEY-----";`
	`92`	`+`
	`93`	`+ int keyStartIndex;`
	`94`	`+ string pemFooter;`
`88`	`95`	`bool isPrivate;`
`89`		`- if (key.StartsWith("-----BEGIN RSA PRIVATE KEY-----", StringComparison.Ordinal))`
	`96`	`+`
	`97`	`+ if ((keyStartIndex = key.IndexOf(beginRsaPrivateKey, StringComparison.Ordinal)) > -1)`
`90`	`98`	`{`
`91`		`- key = key.Replace("-----BEGIN RSA PRIVATE KEY-----", "").Replace("-----END RSA PRIVATE KEY-----", "");`
	`99`	`+ keyStartIndex += beginRsaPrivateKey.Length;`
	`100`	`+ pemFooter = endRsaPrivateKey;`
`92`	`101`	`isPrivate = true;`
`93`	`102`	`}`
`94`		`- else if (key.StartsWith("-----BEGIN PUBLIC KEY-----", StringComparison.Ordinal))`
	`103`	`+ else if ((keyStartIndex = key.IndexOf(beginPublicKey, StringComparison.Ordinal)) > -1)`
`95`	`104`	`{`
`96`		`- key = key.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "");`
	`105`	`+ keyStartIndex += beginPublicKey.Length;`
	`106`	`+ pemFooter = endPublicKey;`
`97`	`107`	`isPrivate = false;`
`98`	`108`	`}`
`99`	`109`	`else`
`100`	`110`	`{`
`101`	`111`	`throw new FormatException("Unrecognized PEM header: " + key.Substring(0, Math.Min(key.Length, 80)));`
`102`	`112`	`}`
`103`	`113`
	`114`	`+ var keyEndIndex = key.IndexOf(pemFooter, keyStartIndex, StringComparison.Ordinal);`
	`115`	`+`
	`116`	`+ if (keyEndIndex <= -1)`
	`117`	`+ throw new FormatException($"Missing expected '{pemFooter}' PEM footer: " + key.Substring(Math.Max(key.Length - 80, 0)));`
	`118`	`+`
	`119`	`+ key = key.Substring(keyStartIndex, keyEndIndex - keyStartIndex);`
	`120`	`+`
`104`	`121`	`return GetRsaParameters(System.Convert.FromBase64String(key), isPrivate);`
`105`	`122`	`}`
`106`	`123`